CAP_DAC_READ_SEARCH

CAP_DAC_READ_SEARCH
Overrides all DAC restrictions on reading and searching files and
directories, including ACL restrictions if [_POSIX_ACL] is defined.
Excludes DAC access covered by CAP_LINUX_IMMUTABLE.

CAP_FOWNER

CAP_FOWNER
Overrides all restrictions on operations that require the file owner
ID to be equal to the user ID, except where CAP_FSETID is applicable.
It doesn't override MAC and DAC restrictions.

CAP_FSETID

CAP_FSETID
Overrides the following restrictions: that the effective user ID shall
match the file owner ID when setting the S_ISUID and S_ISGID bits on
that file; that the effective group ID (or one of the supplementary
group IDs) shall match the file owner ID when setting the S_ISGID bit
on that file; that the S_ISUID and S_ISGID bits are cleared on
successful return from chown(2) (not implemented).

CAP_FS_MASK

CAP_FS_MASK
Used to decide between falling back on the old suser() or fsuser().

CAP_KILL

CAP_KILL
Overrides the restriction that the real or effective user ID of a process
sending a signal must match the real or effective user ID of the process
receiving the signal.

CAP_SYS_BOOT

CAP_SYS_BOOT
Allow use of reboot().

CAP_SYS_NICE

CAP_SYS_NICE
Allow raising priority and setting priority on other (different UID) processes;
allow use of FIFO and round-robin (realtime) scheduling on own processes, and setting
the scheduling algorithm used by another process.

CAP_SYS_TTY_CONFIG

CAP_MKNOD

CAP_MKNOD
Allow the privileged aspects of mknod().

CAP_LEASE

CAP_LEASE
Allow taking of leases on files.
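
To audit which of the capabilities described above a process actually holds, the hex masks in the CapPrm, CapEff and CapBnd lines of /proc/<pid>/status can be decoded. The following C program is an added example, not part of the original document: the function names cap_field and cap_names are hypothetical, the status text is a constructed sample, and the bit numbers are those of <linux/capability.h> (CAP_FS_MASK is left out because it is a mask, not a single capability bit).

```c
#include <stdio.h>
#include <string.h>

/* Bit numbers from <linux/capability.h> for the capabilities listed on this page. */
static const struct { int bit; const char *name; } PAGE_CAPS[] = {
    {2, "CAP_DAC_READ_SEARCH"}, {3, "CAP_FOWNER"}, {4, "CAP_FSETID"},
    {5, "CAP_KILL"}, {22, "CAP_SYS_BOOT"}, {23, "CAP_SYS_NICE"},
    {26, "CAP_SYS_TTY_CONFIG"}, {27, "CAP_MKNOD"}, {28, "CAP_LEASE"},
};

/* Constructed sample of /proc/<pid>/status, not taken from a real host. */
static const char SAMPLE_STATUS[] =
    "Name:\tbackupd\nCapInh:\t0000000000000000\nCapPrm:\t000000000000002c\n"
    "CapEff:\t0000000000000024\nCapBnd:\t000001ffffffffff\n";

/* Parse the hex mask of a "Field:" line; returns 0 on success, -1 if absent. */
int cap_field(const char *status, const char *field, unsigned long long *mask)
{
    size_t n = strlen(field);
    /* Walk the text line by line: p always points at the start of a line. */
    for (const char *p = status; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : p) {
        if (strncmp(p, field, n) == 0 && p[n] == ':')
            return sscanf(p + n + 1, "%llx", mask) == 1 ? 0 : -1;
    }
    return -1;
}

/* Write the names of page capabilities set in mask to out; returns how many. */
int cap_names(unsigned long long mask, char *out, size_t outlen)
{
    int count = 0;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof PAGE_CAPS / sizeof PAGE_CAPS[0]; i++) {
        if (mask & (1ULL << PAGE_CAPS[i].bit)) {
            size_t used = strlen(out);
            snprintf(out + used, outlen - used, "%s%s", count++ ? "," : "", PAGE_CAPS[i].name);
        }
    }
    return count;
}

int main(void)
{
    unsigned long long eff = 0;
    char names[256];
    cap_field(SAMPLE_STATUS, "CapEff", &eff);
    cap_names(eff, names, sizeof names);
    return printf("CapEff=%#llx: %s\n", eff, names) < 0;
}
```

A process whose effective set shows CAP_DAC_READ_SEARCH or CAP_FOWNER bypasses the file permission checks described above, so such entries deserve review when they appear on services that do not need them.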

This article is based on a document formerly found on our main website gentoo.org. The following people have contributed to the original document: Ned Ludd, Adam Mondl

They are listed here as the Wiki history does not provide for any attribution. If you edit the Wiki article, please do not add yourself here; your contributions are recorded on the history page.